I'm still getting this error when I use in memory storage. MongoDB is 
disabled.

Qrcode is generated, google app scans it, token field appears and any token 
that I type provides error.

2018-02-15 09:31:13,970 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[GoogleAuthenticatorAuthenticationHandler] exception details: [Failed to 
authenticate code *253227*].>
2018-02-15 09:31:13,971 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
- <Credential is not one of username/password and is not accepted by 
handler [LdapAuthenticationHandler]>
2018-02-15 09:31:13,972 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<*Authentication 
has failed. Credentials may be incorrect or CAS cannot find authentication 
handler that supports [[token=253227]] of type 
[GoogleAuthenticatorTokenCredential]*.>


Can anybody help me ?


W dniu czwartek, 15 lutego 2018 09:53:52 UTC+1 u┼╝ytkownik Janina Byky 
napisał:
>
> Hello,
>
> I'm trying to setup CAS 5.2.2 with Google Authenticator as second auth 
> factor for specified services. CAS is running over LDAP (AD) and GAuth 
> based on mongo. So far everything was great, build succeed, GAuth qrcode 
> appears, user registers and now it's time for TOKEN form. I'm typing all 
> scratch codes and those generated by Google Authenticator, but every single 
> attempt is unsuccessful. Also there's no collection created to store tokens 
> in mongo. Only GAuthRepository is created with proper values of registered 
> users.
>
> *cas.properties*
>
> cas.authn.accept.users=
>
> cas.authn.ldap[0].order=0
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl={CUT}
> cas.authn.ldap[0].connectionStrategy=DEFAULT
> cas.authn.ldap[0].useSsl=true
> cas.authn.ldap[0].connectTimeout=15000
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].baseDn={CUT}
>
> cas.authn.ldap[0].userFilter=(|(sAMAccountName={user})(userPrincipalName={user}))
> cas.authn.ldap[0].bindDn={CUT}
> cas.authn.ldap[0].bindCredential={CUT}
> cas.authn.ldap[0].enhanceWithEntryResolver=true
> cas.authn.ldap[0].principalAttributeId=sAMAccountName
> cas.authn.ldap[0].principalAttributePassword=
> cas.authn.ldap[0].usePasswordPolicy=true
>
> cas.authn.ldap[0].principalAttributeList=sn,cn:commonName,givenName,sAMAccountName,memberOf
> cas.authn.ldap[0].allowMultiplePrincipalAttributeValues=true
> cas.authn.ldap[0].poolPassivator=NONE
> cas.authn.ldap[0].minPoolSize=2
> cas.authn.ldap[0].maxPoolSize=15
>
>
> cas.authn.mfa.globalProviderId=mfa-gauth
> cas.authn.mfa.globalFailureMode=CLOSED
>
> cas.authn.mfa.gauth.issuer=TEST
> cas.authn.mfa.gauth.codeDigits=6
> cas.authn.mfa.gauth.timeStepSize=60
> cas.authn.mfa.gauth.windowSize=3
> cas.authn.mfa.gauth.label=TEST
> cas.authn.mfa.gauth.rank=0
>
> cas.authn.mfa.gauth.cleaner.enabled=true
> cas.authn.mfa.gauth.cleaner.schedule.startDelay=20000
> cas.authn.mfa.gauth.cleaner.schedule.repeatInterval=60000
>
> cas.authn.mfa.gauth.bypass.type=DEFAULT
>
> cas.authn.mfa.gauth.mongo.clientUri=${mongo.uri}
> cas.authn.mfa.gauth.mongo.dropCollection=false
> cas.authn.mfa.gauth.mongo.collection=GAuthRepository
>
> cas.authn.mfa.gauth.mongo.tokenCollection=GoogleAuthenticatorMongoDbTokenRepository
>
>
>
> *pom.xml*
>
>         <dependency>
>             <groupId>org.apereo.cas</groupId>
>             <artifactId>cas-server-webapp${app.server}</artifactId>
>             <version>${cas.version}</version>
>             <type>war</type>
>             <scope>runtime</scope>
>         </dependency>
>         <dependency>
>             <groupId>org.apereo.cas</groupId>
>             <artifactId>cas-server-support-ldap</artifactId>
>             <version>${cas.version}</version>
>         </dependency>
>         <dependency>
>             <groupId>org.apereo.cas</groupId>
>             <artifactId>cas-server-support-saml</artifactId>
>             <version>${cas.version}</version>
>         </dependency>
>         <dependency>
>             <groupId>org.apereo.cas</groupId>
>             <artifactId>cas-server-support-gauth</artifactId>
>             <version>${cas.version}</version>
>         </dependency>
>         <dependency>
>             <groupId>org.apereo.cas</groupId>
>             <artifactId>cas-server-support-gauth-mongo</artifactId>
>             <version>${cas.version}</version>
>         </dependency>
>
>
> *catalina.log*
>
> 2018-02-15 09:31:13,952 DEBUG 
> [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver]
>  
> - <Authentication handlers used for this transaction are 
> [GoogleAuthenticatorAuthenticationHandler,LdapAuthenticationHandler,HttpBasedServiceCredentialsAuthenticationHandler]>
> 2018-02-15 09:31:13,953 DEBUG 
> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] - 
> <Received OTP [*253227*]>
> 2018-02-15 09:31:13,954 DEBUG 
> [org.apereo.cas.adaptors.gauth.GoogleAuthenticatorAuthenticationHandler] - 
> <Received principal id *[j.byky*]>
> 2018-02-15 09:31:13,970 DEBUG 
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
> <[GoogleAuthenticatorAuthenticationHandler] exception details: [Failed to 
> authenticate code *253227*].>
> 2018-02-15 09:31:13,971 DEBUG 
> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
>  
> - <Credential is not one of username/password and is not accepted by 
> handler [LdapAuthenticationHandler]>
> 2018-02-15 09:31:13,972 ERROR 
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
> <*Authentication 
> has failed. Credentials may be incorrect or CAS cannot find authentication 
> handler that supports [[token=253227]] of type 
> [GoogleAuthenticatorTokenCredential]*.>
> 2018-02-15 09:31:13,976 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
> trail record BEGIN
> =============================================================
> *WHO: 253227*
> *WHAT: Supplied credentials: [[token=253227]]*
> ACTION: AUTHENTICATION_SUCCESS
> APPLICATION: CAS
> WHEN: Thu Feb 15 09:31:13 CET 2018
> CLIENT IP ADDRESS: 10.100.100.20
> SERVER IP ADDRESS: 10.40.0.2
> =============================================================
>
> >
> 2018-02-15 09:31:13,978 ERROR 
> [org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver] - 
> <1 errors, 0 successes>
> org.apereo.cas.authentication.AuthenticationException: 1 errors, 0 
> successes
> at 
> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.evaluateFinalAuthentication(PolicyBasedAuthenticationManager.java:400)
>  
> ~[cas-server-core-authentication-5.2.2.jar:5.2.2]
> at 
> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:380)
>  
> ~[cas-server-core-authentication-5.2.2.jar:5.2.2]
> at 
> org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:220)
>  
> ~[cas-server-core-authentication-5.2.2.jar:5.2.2]
> at 
> org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$FastClassBySpringCGLIB$$90e801d3.invoke(<generated>)
>  
> ~[cas-server-core-authentication-5.2.2.jar:5.2.2]
> at 
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) 
> ~[spring-core-4.3.12.RELEASE.jar:4.3.12.RELEASE]
> at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
>  
> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE]
> at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>  
> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE]
> at 
> org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85)
>  
> ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE]
> at 
> org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:134)
>  
> ~[inspektr-audit-1.8.0.GA.jar:1.8.0.GA]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
> ~[?:1.8.0_162]
> at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> ~[?:1.8.0_162]
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  
> ~[?:1.8.0_162]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_162]
> ...
>
> 2018-02-15 09:31:13,982 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
> trail record BEGIN
> =============================================================
> WHO: *253227*
> WHAT: [event=error,timestamp=Thu Feb 15 09:31:13 CET 
> 2018,source=OneTimeTokenAuthenticationWebflowEventResolver]
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Thu Feb 15 09:31:13 CET 2018
> CLIENT IP ADDRESS: 10.100.100.20
> SERVER IP ADDRESS: 10.40.0.2
> =============================================================
>
>
>
> Can anybody tell me what I'm missing?
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b5f6b0d6-1a89-4ada-a8d1-b2440c822bbf%40apereo.org.

Reply via email to